Vocabulary-style flashcards covering common DNS attacks and their mitigations as described in the lecture notes.
DNS cache poisoning (DNS spoofing)
Corrupting a DNS resolver's cache with false data, causing lookups to resolve to attacker-controlled IP addresses and redirecting users to malicious sites.
DNSSEC (Domain Name System Security Extensions)
Adds digital signatures to DNS data to verify authenticity and integrity during lookups, helping prevent DNS cache poisoning.
DNS amplification attack
Attacker sends spoofed queries to open DNS resolvers, which generate large responses sent to the victim, overwhelming the target with traffic; mitigations include limiting response size and rate limiting.
DNS tunneling
Using the DNS protocol to carry non-DNS traffic (e.g., HTTP, SSH) over port 53 to bypass firewalls; can enable command and control or data exfiltration; mitigations include monitoring DNS logs for anomalies.
Domain hijacking (domain theft)
Unauthorized changes to a domain's registration, potentially redirecting traffic to a malicious site; mitigations include secure account practices and registry lock services.
DNS zone transfer attack
Attacker pretends to be an authorized server to obtain a copy of the domain's DNS zone data, enabling reconnaissance; mitigations include restricting zone transfers to authorized servers and using authentication.